def get_resources(self, resource_ids):
resource_client = self.get_client('azure.mgmt.resource.ResourceManagementClient')
data = [
resource_client.resource_groups.get(ResourceIdParser.get_resource_group(rid))
for rid in resource_ids
]
return [r.serialize(True) for r in data]
def get_storage_keys(storage_account_id):
s = local_session(Session)
client = s.client('azure.mgmt.storage.StorageManagementClient')
resource_group = ResourceIdParser.get_resource_group(storage_account_id)
resource_name = ResourceIdParser.get_resource_name(storage_account_id)
keys = client.storage_accounts.list_keys(resource_group, resource_name)
return keys.keys
def augment(self, resources):
for resource in resources:
if 'id' in resource:
resource[
'resourceGroup'] = ResourceIdParser.get_resource_group(
resource['id'])
return resources
def get_resources(self, resource_ids):
resource_client = self.get_client('azure.mgmt.resource.ResourceManagementClient')
data = [
resource_client.resource_groups.get(ResourceIdParser.get_resource_group(rid))
for rid in resource_ids
]
return [r.serialize(True) for r in data]
def test_get_blob_client_from_storage_account_without_sas(self):
account = self.setup_account()
resource_group = ResourceIdParser.get_resource_group(account.id)
blob_client = StorageUtilities.get_blob_client_from_storage_account(
resource_group, account.name, self.session)
self.assertIsNotNone(blob_client)
def get_storage_keys(storage_account_id):
s = local_session(Session)
client = s.client('azure.mgmt.storage.StorageManagementClient')
resource_group = ResourceIdParser.get_resource_group(storage_account_id)
resource_name = ResourceIdParser.get_resource_name(storage_account_id)
keys = client.storage_accounts.list_keys(resource_group, resource_name)
return keys.keys
def augment(self, resources):
# TODO: temporary put here. Applicable only to ARM resources.
# Need to move to ARMResourceManager base class
for resource in resources:
if 'id' in resource:
resource['resourceGroup'] = ResourceIdParser.get_resource_group(resource['id'])
return resources
def _process_resource(self, resource):
resource_group = ResourceIdParser.get_resource_group(resource['id'])
account_name = ResourceIdParser.get_resource_name(
resource['c7n:parent-id'])
self.client.blob_containers.update(resource_group,
account_name,
resource['name'],
public_access=self.data['value'])
def get_cosmos_data_client_for_account(account_id, account_endpoint, manager, readonly=True):
key = CosmosDBChildResource.get_cosmos_key(
ResourceIdParser.get_resource_group(account_id),
ResourceIdParser.get_resource_name(account_id),
manager.get_client(),
readonly
)
data_client = CosmosClient(url_connection=account_endpoint, auth={'masterKey': key})
return data_client
def test_get_blob_client_from_storage_account_without_sas(self):
account = self.setup_account()
resource_group = ResourceIdParser.get_resource_group(account.id)
blob_client = StorageUtilities.get_blob_client_from_storage_account(
resource_group,
account.name,
self.session)
self.assertIsNotNone(blob_client)
def get_storage_account_connection_string(id):
rg_name = ResourceIdParser.get_resource_group(id)
name = ResourceIdParser.get_resource_name(id)
client = local_session(Session).client(
'azure.mgmt.storage.StorageManagementClient')
obj = client.storage_accounts.list_keys(rg_name, name)
connection_string = 'DefaultEndpointsProtocol={};AccountName={};AccountKey={}'.format(
'https', name, obj.keys[0].value)
return connection_string
def deploy_function_app(parameters):
function_app_unit = FunctionAppDeploymentUnit()
function_app_params = \
{'name': parameters.function_app_name,
'resource_group_name': parameters.function_app_resource_group_name}
function_app = function_app_unit.get(function_app_params)
if function_app:
# retrieve the type of app service plan hosting the existing function app
session = local_session(Session)
web_client = session.client(
'azure.mgmt.web.WebSiteManagementClient')
app_id = function_app.server_farm_id
app_name = ResourceIdParser.get_resource_name(app_id)
app_resource_group_name = ResourceIdParser.get_resource_group(
app_id)
app_service_plan = web_client.app_service_plans.get(
app_resource_group_name, app_name)
# update the sku tier to properly reflect what is provisioned in Azure
parameters.service_plan['sku_tier'] = app_service_plan.sku.tier
return function_app
sp_unit = AppServicePlanUnit()
app_service_plan = sp_unit.provision_if_not_exists(
parameters.service_plan)
# if only resource_id is provided, retrieve existing app plan sku tier
parameters.service_plan['sku_tier'] = app_service_plan.sku.tier
ai_unit = AppInsightsUnit()
app_insights = ai_unit.provision_if_not_exists(parameters.app_insights)
sa_unit = StorageAccountUnit()
storage_account_id = sa_unit.provision_if_not_exists(
parameters.storage_account).id
con_string = FunctionAppUtilities.get_storage_account_connection_string(
storage_account_id)
function_app_params.update({
'location':
app_service_plan.location,
'app_service_plan_id':
app_service_plan.id,
'app_insights_key':
app_insights.instrumentation_key,
'is_consumption_plan':
FunctionAppUtilities.is_consumption_plan(parameters),
'storage_account_connection_string':
con_string
})
return function_app_unit.provision(function_app_params)
def get_storage_account_connection_string(id):
rg_name = ResourceIdParser.get_resource_group(id)
name = ResourceIdParser.get_resource_name(id)
client = local_session(Session).client('azure.mgmt.storage.StorageManagementClient')
obj = client.storage_accounts.list_keys(rg_name, name)
connection_string = 'DefaultEndpointsProtocol={};AccountName={};AccountKey={}'.format(
'https',
name,
obj.keys[0].value)
return connection_string
def extract_properties(options, name, properties):
settings = options.get(name, {})
result = {}
# str type implies settings is a resource id
if isinstance(settings, six.string_types):
result['id'] = settings
result['name'] = ResourceIdParser.get_resource_name(settings)
result['resource_group_name'] = ResourceIdParser.get_resource_group(settings)
else:
for key in properties.keys():
result[key] = settings.get(StringUtils.snake_to_camel(key), properties[key])
return result
def test_get_blob_client_from_storage_account_without_sas_fails_sas_generation(self):
with self.assertRaises(ValueError):
account = self.setup_account()
resource_group = ResourceIdParser.get_resource_group(account.id)
blob_client = StorageUtilities.get_blob_client_from_storage_account(
resource_group,
account.name,
self.session)
# create container for package
blob_client.create_container('test')
blob_client.create_blob_from_text('test', 'test.txt', 'My test contents.')
blob_client.generate_blob_shared_access_signature('test', 'test.txt')
def extract_properties(options, name, properties):
settings = options.get(name, {})
result = {}
# str type implies settings is a resource id
if isinstance(settings, six.string_types):
result['id'] = settings
result['name'] = ResourceIdParser.get_resource_name(settings)
result['resource_group_name'] = ResourceIdParser.get_resource_group(settings)
else:
for key in properties.keys():
result[key] = settings.get(StringUtils.snake_to_camel(key), properties[key])
return result
def get_resources(self, resource_ids):
client = self.get_client()
result = []
for rid in resource_ids:
resource = None
if is_resource_group_id(rid):
resource = client.resource_groups.get(ResourceIdParser.get_resource_group(rid))
resource.type = RESOURCE_GROUPS_TYPE
else:
resource = client.resources.get_by_id(rid, self._session.resource_api_version(rid))
result.append(resource)
return self.augment([r.serialize(True) for r in result])
def test_get_blob_client_from_storage_account_with_sas(self):
account = self.setup_account()
resource_group = ResourceIdParser.get_resource_group(account.id)
blob_client = StorageUtilities.get_blob_client_from_storage_account(
resource_group, account.name, self.session, True)
# create sas token for blob
blob_client.create_container('test')
blob_client.create_blob_from_text('test', 'test.txt',
'My test contents.')
sas = blob_client.generate_blob_shared_access_signature(
'test', 'test.txt')
self.assertIsNotNone(sas)
def get_cosmos_data_client(resources, manager, readonly=True):
cosmos_db_key = resources[0]['c7n:parent-id']
url_connection = resources[0]['c7n:document-endpoint']
# Get the data client keys
key = CosmosDBChildResource.get_cosmos_key(
ResourceIdParser.get_resource_group(cosmos_db_key),
ResourceIdParser.get_resource_name(cosmos_db_key),
manager.get_client(), readonly)
# Build a data client
data_client = CosmosClient(url_connection=url_connection,
auth={'masterKey': key})
return data_client
def test_get_blob_client_from_storage_account_with_sas(self):
account = self.setup_account()
resource_group = ResourceIdParser.get_resource_group(account.id)
blob_client = StorageUtilities.get_blob_client_from_storage_account(
resource_group,
account.name,
self.session,
True)
# create sas token for blob
blob_client.create_container('test')
blob_client.create_blob_from_text('test', 'test.txt', 'My test contents.')
sas = blob_client.generate_blob_shared_access_signature('test', 'test.txt')
self.assertIsNotNone(sas)
def prepare_queue_storage(self, queue_resource_id, queue_name):
"""
Create a storage client using unusual ID/group reference
as this is what we require for event subscriptions
"""
storage_client = self.session.client(
'azure.mgmt.storage.StorageManagementClient')
account = storage_client.storage_accounts.get_properties(
ResourceIdParser.get_resource_group(queue_resource_id),
ResourceIdParser.get_resource_name(queue_resource_id))
Storage.create_queue_from_storage_account(account, queue_name,
self.session)
return account
def extract_properties(options, name, properties):
settings = options.get(name, {})
result = {}
# str type implies settings is a resource id
if isinstance(settings, six.string_types):
result['id'] = settings
result['name'] = ResourceIdParser.get_resource_name(settings)
result['resource_group_name'] = ResourceIdParser.get_resource_group(settings)
else:
# get nested keys
for key in properties.keys():
value = settings.get(StringUtils.snake_to_camel(key), properties[key])
if isinstance(value, dict):
result[key] = \
AzureFunctionMode.extract_properties({'v': value}, 'v', properties[key])
else:
result[key] = value
return result
def process_resource_set(self, resources):
matched = []
try:
# Skip if offer key is present anywhere because we already
# queried and joined offers in a previous filter instance
if not resources[0].get('c7n:offer'):
# Get the data client keys
parent_key = resources[0]['c7n:parent-id']
key = CosmosDBChildResource.get_cosmos_key(
ResourceIdParser.get_resource_group(parent_key),
ResourceIdParser.get_resource_name(parent_key),
self.manager.get_parent_manager().get_client())
# Build a data client
data_client = CosmosClient(
url_connection=resources[0]['c7n:document-endpoint'],
auth={'masterKey': key})
# Get the offers
offers = list(data_client.ReadOffers())
# Match up offers to collections
for resource in resources:
offer = [
o for o in offers if o['resource'] == resource['_self']
]
resource['c7n:offer'] = offer
# Pass each resource through the base filter
for resource in resources:
filtered_resource = super(CosmosDBOfferFilter,
self).process(resource['c7n:offer'],
event=None)
if filtered_resource:
matched.append(resource)
except Exception as error:
log.warning(error)
return matched
def deploy_function_app(parameters):
function_app_unit = FunctionAppDeploymentUnit()
function_app_params = \
{'name': parameters.function_app_name,
'resource_group_name': parameters.function_app_resource_group_name}
function_app = function_app_unit.get(function_app_params)
if function_app:
# retrieve the type of app service plan hosting the existing function app
session = local_session(Session)
web_client = session.client('azure.mgmt.web.WebSiteManagementClient')
app_id = function_app.server_farm_id
app_name = ResourceIdParser.get_resource_name(app_id)
app_resource_group_name = ResourceIdParser.get_resource_group(app_id)
app_service_plan = web_client.app_service_plans.get(app_resource_group_name, app_name)
# update the sku tier to properly reflect what is provisioned in Azure
parameters.service_plan['sku_tier'] = app_service_plan.sku.tier
return function_app
sp_unit = AppServicePlanUnit()
app_service_plan = sp_unit.provision_if_not_exists(parameters.service_plan)
# if only resource_id is provided, retrieve existing app plan sku tier
parameters.service_plan['sku_tier'] = app_service_plan.sku.tier
ai_unit = AppInsightsUnit()
app_insights = ai_unit.provision_if_not_exists(parameters.app_insights)
sa_unit = StorageAccountUnit()
storage_account_id = sa_unit.provision_if_not_exists(parameters.storage_account).id
con_string = FunctionAppUtilities.get_storage_account_connection_string(storage_account_id)
function_app_params.update(
{'location': app_service_plan.location,
'app_service_plan_id': app_service_plan.id,
'app_insights_key': app_insights.instrumentation_key,
'is_consumption_plan': FunctionAppUtilities.is_consumption_plan(parameters),
'storage_account_connection_string': con_string})
return function_app_unit.provision(function_app_params)
def _get_backup_retention_policy(self, resource, get_operation):
server_id = resource[self.manager.resource_type.parent_key]
resource_group_name = resource.get('resourceGroup')
if resource_group_name is None:
resource_group_name = ResourceIdParser.get_resource_group(server_id)
database_name = resource['name']
server_name = ResourceIdParser.get_resource_name(server_id)
try:
response = get_operation(resource_group_name, server_name, database_name)
except CloudError as e:
if e.status_code == 404:
response = None
else:
log.error("Unable to get backup retention policy. "
"(resourceGroup: {}, sqlserver: {}, sqldatabase: {})".format(
resource_group_name, server_name, database_name))
raise e
return response
def prepare_queue_storage(self, queue_resource_id, queue_name):
"""
Create a storage client using unusual ID/group reference
as this is what we require for event subscriptions
"""
# Use a different session object if the queue is in a different subscription
queue_subscription_id = ResourceIdParser.get_subscription_id(
queue_resource_id)
if queue_subscription_id != self.session.subscription_id:
session = Session(queue_subscription_id)
else:
session = self.session
storage_client = session.client(
'azure.mgmt.storage.StorageManagementClient')
account = storage_client.storage_accounts.get_properties(
ResourceIdParser.get_resource_group(queue_resource_id),
ResourceIdParser.get_resource_name(queue_resource_id))
Storage.create_queue_from_storage_account(account, queue_name,
self.session)
return account
def test_get_resource_group(self):
self.assertEqual(ResourceIdParser.get_resource_group(RESOURCE_ID), "rgtest")
def test_get_resource_group(self):
self.assertEqual(ResourceIdParser.get_resource_group(RESOURCE_ID), "rgtest")
def augment(self, resources):
for resource in resources:
if 'id' in resource:
resource['resourceGroup'] = ResourceIdParser.get_resource_group(resource['id'])
return resources
